If you're involved in the digital transformation that's shaking up the business from top to bottom, you're likely also upending the neat little world your auditors have lived in. The move to digitize processes, retrain people, refocus job roles, and rely on cloud resources for vital functions means auditors are going to have to throw away their playbooks (they do have playbooks, don't they?) and figure out new ways to assess the health and wealth of their businesses. They have to become savvy IT experts in their own right, and start poking their noses much more deeply into IT processes.
Photo: HubSpot
These days, auditing types have to look through today's IT systems to determine how well data and access is locked down, how well things are governed, the role of cloud,. and what plans are in place for emerging technologies.
That's the word from Protiviti and ISACA, which recently released a survey[1] of 1,323 chief audit executives, internal audit professionals and IT audit vice presidents and directors worldwide. Most audit plans for 2018 are impacted by the challenge of cybersecurity. More progress is still needed, as one in five organizations, on average, is not including cybersecurity in its audit plans. The most commonly reason, cited by 37 percent, is a lack of qualified resources, specifically people, skills and/or auditing tools.
As Theresa Grafenstine, chair of ISACA's board of directors, put it: "Given the increased focus on digital transformation within organizations, it's important for IT auditors to be involved throughout the entire technology project lifecycle to ensure policies and processes are put in place to mitigate risk. IT audit leaders looking to become more engaged within their organization's major technology projects have to build credibility with executive management